Today, Microsoft has made some quite big (and important!) announcements around the work they are doing to improve the experience for Hybrid Exchange customers. These announcements were all “dropped” during session BRK3155 (How to thrive as an organization in Exchange Online), and – for most – came quite unexpectedly. If there’s one piece of feedback I would give Microsoft, it would be to better align the title of such sessions to their content!
This being said, with everything that was mentioned, I figured it would be a good idea to summarize it all (without going into too much detail) in a short write-up. As time permits, I will go into more detail on each of these items later this week.
If you’re not interested in more information about each feature, and just care about the headlines, here’s what was announced:
- Cross-premises delegation permissions (e.g. Send-on-Behalf, Calendar permissions, …) will be fully supported. Expected timeframe is Q1/2018. Fix for this is already rolling out in the service.
- Microsoft is working to solve the Automapping problem in hybrid deployments. Fix is being rolled out and (Private) Preview starting soon.
- In the future you will be able to remove the last Exchange server after having moved all mailboxes to the cloud. Plumbing for this has already started and is expected to be released in the coming 12-18 months. Though with Microsoft, you never know!
- Microsoft is working on allowing you to move mailboxes cross-tenant. The capability to do so was demoed in the session, but more work is needed to offer a more holistic approach. This is important, because cross-tenant migrations entail more than just moving mailboxes. There’s mail routing, there are other workloads and – perhaps most importantly – there’s the need for proper governance. None of which was discussed (or shown) at this time. The timeline for this capability is the coming 12-18 months. This means that 3rd-party vendors (like QuadroTech, BinaryTree) are still very much needed to facilitate such scenarios today. Microsoft just isn’t there yet. The future will tell how useful Microsoft’s capability will be and how 3rd-party vendors will adopt it to enhance the experience even further.
- To drive down complexity for hybrid deployments, a new hybrid solution backbone is being developed. This backbone, which uses a “connector”, will no longer require inbound connections (no more firewall ports to be opened) and is part of the solution for the new features mentioned earlier. Think of the connector like an Azure App Proxy, which uses the same principle (I wouldn’t be surprised if it’s a modified version thereof). Exchange Online will then, instead of using the “Public” Internet, route traffic to the connector, through which it then makes its way to on-prem (outbound TCP 443 connection). Timeline is in the next 6 months or so.
- Send-As permissions are a bit harder to solve. This will require item 4 to be solved (which will probably require item 5 to be done too). However, once that is done, this scenario will be covered as well. Today, however, the workaround is to explicitly define permissions in both EXO/On-Prem (it works!).
Other news – not necessarily hybrid related – that was announced in this session:
- Client Access Rules are coming to Exchange Online. These rules allow you to control how someone can access Exchange Online.
- New On Send events allow you to create add-ins which can fire when someone sends a message (e.g. DLP, content inspection, classification etc.). Currently only for OWA. Outlook clients coming (much) later.
There’s plenty of exciting stuff coming in the next few months. For now, we will still have to work with the limitations that exist, but if you are in the planning phase for Hybrid Exchange, it might be worth keeping these announcements in the back of your mind.
As things unfold over the coming weeks and months, I will be covering a lot of the details here, and in the Office 365 for IT Pros ebook. Make sure to grab your copy here!
Hi Michael, I’ve been waiting for an eternity for news on the ability to remove the last Exchange Server when using AADC. I don’t suppose you have any news to divulge? As far as I can tell there’s been nothing mentioned since Ignite 2017.
Unfortunately nothing so far. All I have is what was said in BRK3155 at Ignite. They’ve delivered on some items which they discussed (OCT), but nothing else. I suspect they just need a bit more work to put everything together…!
Hi Michael. Is there any update on tenant to tenant migration for mailboxes? Thanks
Last I heard, MSFT is still working on this!